All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to get the Splunk Add-on for Nessus to pull data older than the current month from my scanner?

donaldwayne1975
Path Finder
‎11-11-2015 07:11 AM

Recently installed the Splunk Add-on for Nessus and have it successfully pulling data from my scanner. It is only showing scan data for the current month though. Is there a way to have it pull data further back. Nessus version is 6.5.2 and Splunk version 6.2.0.237341. Thank you in advance for your time.

0 Karma
Reply

rpille_splunk
Splunk Employee
Splunk Employee
‎11-11-2015 09:24 AM

The start_date parameter (called Start Time in the input UI if you are doing this in Splunk Web) is intended to control this. It should be pulling all scan data with a "host scan date" in Nessus later than the time you specify. Keeping the default of 1999/01/01 should collect everything. If that doesn't seem to be working as expected, please file a support case and send a diag so we can take a look.

0 Karma
Reply

donaldwayne1975
Path Finder
‎11-12-2015 08:11 AM

I have adjusted this value a couple of times, followed by a restart of the service. I have seen one additional day worth of data from 2 months prior be populated into Splunk. Odd that it is not pulling the other days scan data. I am seeing these errors in the log.

ERROR pid=5600 tid=MainThread file=nessus_config.py:check_conf_mgr_result:26 | Cannot get the encrypted keys.

ERROR pid=5600 tid=MainThread file=nessus.py:get_nessus_modinput_configs:156 | Failed to setup config for nessus TA: Cannot get the encrypted keys.

AND

ERROR pid=5600 tid=MainThread file=nessus.py:get_nessus_modinput_configs:157 | Traceback (most recent call last):
File "C:\Program Files\Splunk\etc\apps\Splunk_TA_nessus\bin\nessus.py", line 147, in get_nessus_modinput_configs
input_conf = config.get_data_input(input_name)

0 Karma
Reply
Get Updates on the Splunk Community!

CX Day is Coming!

Customer Experience (CX) Day is on October 7th!! We're so excited to bring back another day full of wonderful ...

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...